
16 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-16910

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 8.9 · EPSS 0.0017
Exploits: 0 · References: 2

RedhatCVE
added 2025/06/06 8:12 p.m. · 15 views

CVE-2025-22243

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper input validation...

CVSS 7.5 · AI score 5.9 · EPSS 0.0017
Exploits: 0 · References: 1

OSV
added 2025/06/04 8:15 p.m. · 0 views

CVE-2025-22243

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper input validation...

CVSS 7.5 · AI score 7.5
Exploits: 0 · References: 1

Cvelist
added 2025/06/04 7:31 p.m. · 16 views

CVE-2025-22243

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper input validation...

CVSS 7.5 · EPSS 0.0017
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/04 7:31 p.m. · 4 views

CVE-2025-22243

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper input validation...

CVSS 7.5 · AI score 5.9 · EPSS 0.0017
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/04 12:0 a.m. · 2 views

PT-2025-23843 · Vmware · Vmware Nsx Manager Ui

Name of the Vulnerable Software and Affected Versions: VMware NSX Manager UI (affected versions not specified). Description: The issue is related to a stored Cross-Site Scripting (XSS) attack due to improper input validation. This allows an attacker to inject malicious scripts into the system. No...

CVSS 8 · AI score 8.2 · EPSS 0.0017
Exploits: 0 · References: 6

Wallarm Lab
added 2023/04/06 2:27 p.m. · 85 views

Changes in OWASP API Security Top-10 2023RC | API Security Newsletter

Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course of a couple of...

CVSS 7.5 · AI score 9.6 · EPSS 0.94522
Exploits: 56

The Hacker News
added 2023/03/08 6:30 a.m. · 133 views

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 CVSS score: 9.8 - Teclib GLPI Remote Code Execution...

CVSS 9.8 · AI score 0.4 · EPSS 0.94395
Exploits: 40

Wallarm Lab
added 2023/03/06 6:7 p.m. · 176 views

VMware NSX Manager vulnerabilities being actively exploited in the wild

The Wallarm Detect team has found exploit attempts in the wild of CVE-2022-31678 and CVE-2021-39144. The original vulnerabilities were found in VMware NSX Manager at the end of last year, and can lead to remote code execution RCE by pre-authenticated attackers. The CVE-2022-31678 vulnerability wa...

CVSS 6.4 · AI score 1.3 · EPSS 0.94255
Exploits: 7

Rapid7 Blog
added 2022/11/18 9:49 p.m. · 81 views

Metasploit Weekly Wrap-Up

Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream CVE-2021-39144 There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX...

CVSS 6 · AI score 1.1 · EPSS 0.94255
Exploits: 14

0day.today
added 2022/11/16 12:0 a.m. · 255 views

VMware NSX Manager XStream Unauthenticated Remote Code Execution Exploit

VMware Cloud Foundation NSX-V contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for...

CVSS 8.5 · AI score 9.4 · EPSS 0.94255
Exploits: 6

Metasploit
added 2022/11/15 7:49 p.m. · 310 views

VMware NSX Manager XStream unauthenticated RCE

VMware Cloud Foundation NSX-V contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for...

CVSS 8.5 · AI score 9 · EPSS 0.94255
Exploits: 6

ATTACKERKB
added 2021/08/23 12:0 a.m. · 29 views

CVE-2021-39144

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 9.3 · EPSS 0.94255
In wild · Exploits: 6 · References: 16

OSV
added 2020/10/20 5:15 p.m. · 2 views

CVE-2020-3993

VMware NSX-T 3.x before 3.0.2, 2.5.x before 2.5.2.2.0 contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node...

CVSS 5.9 · AI score 6.8 · EPSS 0.00318
Exploits: 0 · References: 1

Prion
added 2020/10/20 5:15 p.m. · 24 views

Improper access control

VMware NSX-T 3.x before 3.0.2, 2.5.x before 2.5.2.2.0 contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node...

CVSS 4.3 · AI score 6.5 · EPSS 0.00318
Exploits: 0 · References: 1 · Affected Software: 2

Cvelist
added 2020/10/20 4:11 p.m. · 20 views

CVE-2020-3993

VMware NSX-T 3.x before 3.0.2, 2.5.x before 2.5.2.2.0 contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node...

AI score 5.7 · EPSS 0.00318
Exploits: 0 · References: 1